IRS Tips Won't Protect You From Identity Theft Tax Fraud

With the tax return filing season about to begin, the Internal Revenue Service last week offered seven tips on how to protect yourself from becoming a victim of tax related identity theft. They ranged from “don’t carry your Social Security card” to “don’t give personal information over the phone, through the mail or on the Internet unless you have initiated the contact or you are sure you know who you are dealing with.” By all means you should follow such advice, just as you should floss every day. Just don’t expect either flossing or the IRS tips to protect you from the current tsunami of tax related identity theft.

The fraudsters engaged in what the government calls "stolen identity refund fraud" submit large numbers of bogus returns electronically in the hopes that some of them will get through the IRS’ security screens. So rather than steal identities wallet by wallet, or computer by computer, they lift names and Social Security numbers by the dozens, or the hundreds, or the thousands, often with the help of corrupt insiders with access to personal data, including tax preparers, health care billing clerks, state employees and debt collectors. Talk about big numbers---prosecutors say that while working in a North Miami law firm in 2010 and 2011, Rodney Saintfleur, 28, misused Reed Elsevier’s Lexis Nexis database to attach Social Security numbers to 26,000 names that co-conspirators involved in refund fraud had given him. (Saintfleur pleaded guilty in November and is scheduled to be sentenced next month.)

“It’s relatively inexpensive. You can get somebody to steal some names…and you can ping our system, and if it doesn’t go through, big deal,’’ National Taxpayer Advocate Nina E. Olson observes. For the most part, this isn’t sophisticated cybercrime. One North Carolina man broke into a local Jackson Hewitt Tax Service office and stole 300 clients’ files to use for refund fraud. A part time data entry clerk at the IRS’ Fresno, Ca. Service Center, instead of entering the data from 68 papers 1040s into the IRS’ computers, allegedly stole the returns and used them to file for phony refunds.

Some of these schemes sound simply too hokey to work. According to a criminal complaint filed last year in the Montgomery, Ala. federal court, during the 2011 tax filing season, 650 tax returns were all transmitted from a single IP address at the home of Antoinette Djonret, with more than 400 of the returns claiming a tax refund of exactly $1,300 and every tax return claiming the taxpayer received wages from, and had taxes withheld by Wal-Mart. Yet according to a later indictment, Djonret and her co-conspirators managed to get 80o refunds, worth more than $1.2 million, delivered to WalMart MoneyCards and other pre-paid debit cards. Djonret entered a guilty pleas in October and a new indictment, unsealed just today, charges another woman supplied Djonret with names from Alabama state databases over a two and a half year period, ended in April 2012.

The numbers are staggering. According to Congress’ Government Accountability Office, the IRS detected 642,000 cases of identity theft in the first nine months of 2012, up from 242,000 in all of 2011. And that 2012 number, big as it is, doesn’t include 436,000 fraudulent refund claims filed in 2012 using the Social Security numbers of Puerto Rican citizens, who don’t have to file with the IRS or pay federal taxes unless they have income from the states. While there’s no way of knowing how many stolen ID claims aren’t detected, the Treasury Inspector General for tax Administration estimated in July that 1.5 million bogus returns claiming $5.2 billion in refunds are getting through a year. (The IRS said in response that it believes that fraud prevention measures it put in place in 2012 make the TIGTA estimate too high.)

Regardless of the exact number, the fraudsters are exploiting the fact that the IRS doesn’t process the W-2s and 1099s it gets for taxpayers until well after it pays out refunds. So an ID thief in possession of a valid name and Social Security number can create phony W-2s and apply for a refund of make-believe withholding, or for a refundable credit, such as the earned income tax credit, worth thousands of dollars. The bogus claim won’t go through, however, if the real taxpayer has already filed his return for a year.

That’s one reason that in the early days of this epidemic a main source of names for the crooks was the Social Security Death Index---a government maintained database, which is available free on genealogy research sites and had included the full name, Social Security number, date of birth and death and the last address on record. (See IRS Pays Refunds To 5,000 Dead People). The IRS is now getting more timely updates from the Social Security Administration and blocking electronic refund requests for those accounts, while the SSA has reduced some of the information, including addresses, on the index.

So the crooks have moved on, using the identities of all sorts of living folks. Taxpayers who earn too little to file—the disabled, welfare recipients, even prisoners—are favored targets. But they’re hardly the only ones. In an affidavit in a Florida case, an FBI agent noted that military personnel serving in combat zones make attractive targets since they don’t have to file their 1040s until 180 days after they leave the combat zone, meaning the crooks can be reasonably sure they’ll get their refund claims in first.

Sure, sometimes people do become victims after being duped into giving up personal information. New York state law enforcers last year busted a scheme in which more than 250 people from 30 states were tricked into volunteering their Social Security numbers and birth dates in response to phony job and apartment listings on Craigslist. But that’s the exception. For the most part, those who have their identities stolen for tax purposes haven’t been naïve or careless. As the IRS suggests, you shouldn't give your Social Security number to a business just because it asks for it. But a lot of hospitals and doctors won’t treat you without a Social Security number; and the number is used on the insurance cards carried by 52 million Medicare recipients, making it nearly impossible for most Americans to protect themselves from dishonest medical billing clerks.

Those taxpayers who have their tax IDs stolen can be in for a long wait for their refunds and potentially frustrating interactions with the IRS. (Callers to the IRS last year waited an average of 17 minutes to get through to a human being.) In a government sentencing memo arguing for a long term for a woman who had stolen IDs of student loan borrowers through her job as a customer service rep for loan processor EDS (now HP Enterprise Services), federal prosecutors from the Middle District of Alabama noted that victims testified at her 2011 trial about their “seemingly endless struggles with the IRS, as they continue to wait for their legitimate tax refunds and continue to explain away the negative marks on their credit reports as they live their everyday lives.”

The IRS has dramatically ramped up its efforts to both curb ID theft and help victims (even, it says, at the expense of enforcement and service initiatives). Last year the IRS' Criminal Investigation unit started 898 ID theft investigations, up from 276 the year before. But it still takes about six months to resolve a typical case (and for the victim to get his or her legitimate refund). Olson, whose office helps individual taxpayers deal with IRS problems, reports that some cases last year took as long as 300 days to resolve. “It’s appalling,’’ she says. Beyond delayed refunds, victims can have other problems with the IRS. For example, if they’re selected for an audit, the notice will be sent to the last address the IRS has on record—which could be the one provided by the crooks. (For what to do if you suspect you're the victim of tax refund identity theft, go to the IRS' Identity Theft resource center here.)

Among its initiatives, the IRS is now issuing ID theft victims special Identity Protection Personal Identification Numbers (IP PINs), that allow them to distinguish themselves from the fraudsters and get their tax refunds processed. Unfortunately, points out Olson, you can’t get one of these numbers until the IRS has finished its lengthy investigation and established you---not the crook---are the rightful owner of a Social Security number. (At an American Bar Association Section on Taxation meeting Saturday, an IRS official said nearly 750,000 taxpayers have been given IP PINs for this filing season, Tax Notes reported.)

Eventually, Olson says, as the IRS gets better at detecting phony claims before they’re paid, the fraudsters “will look for some other criminal opportunity that is less hard work.” But that’s not yet the case and this year, she predicts, could mark the peak of the epidemic, before it’s contained.